Information security governance is a subset of corporate governance and can complete or encompass the governance of information technologies. It directs or strategically aligns information security activities and ensures that the company’s business objectives are reached. It also guarantees that information security risks are adequately managed and that information resources...

As a follow up to the Business Continuity Management program article, here is a more detailed description of the development and implementation phase objectives and content of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans which is comprised of the following main components: Emergency action plan and damage assessment This is a...

Ransomware is one the many scams that Internet users dread. Once this type of malicious program is installed, it asks the user for “ransom” to unlock the computer, using various pretexts and pretending to be a local police authority. In one case, a user clicked on a malicious link and was bombarded with pornographic pop-ups. The user attempted to restart his computer, when he...

Cloud computing services require special attention in regards to information security and privacy. This is especially important when using credit card data while cloud computing in order to meet PCI-DSS ("Payment Card Industry – Data Security Standard") standards. To this end, the SSC ("Standard Security Council") published a document entitled “Information Supplement: PCI DSS...